CVE-2024-37148
- EPSS 20.23%
- Veröffentlicht 10.07.2024 20:15:03
- Zuletzt bearbeitet 07.01.2025 16:58:37
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another u...
CVE-2024-37149
- EPSS 21.08%
- Veröffentlicht 10.07.2024 20:15:03
- Zuletzt bearbeitet 07.01.2025 17:03:06
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to exec...
CVE-2024-37147
- EPSS 0.69%
- Veröffentlicht 10.07.2024 19:15:10
- Zuletzt bearbeitet 07.01.2025 16:55:46
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Up...
CVE-2024-29889
- EPSS 62.96%
- Veröffentlicht 07.05.2024 14:15:10
- Zuletzt bearbeitet 28.01.2025 03:40:57
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is fixe...
CVE-2024-31456
- EPSS 59.14%
- Veröffentlicht 07.05.2024 14:15:10
- Zuletzt bearbeitet 07.01.2025 16:49:45
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability from map search. This vulnerability is fixed in 10.0.15.
CVE-2024-31705
- EPSS 1.88%
- Veröffentlicht 29.04.2024 18:15:07
- Zuletzt bearbeitet 15.04.2026 00:35:42
An issue in Infotel Conseil GLPI v.10.X.X and after allows a remote attacker to execute arbitrary code via the insufficient validation of user-supplied input.
CVE-2024-27914
- EPSS 0.82%
- Veröffentlicht 18.03.2024 17:15:07
- Zuletzt bearbeitet 02.01.2025 15:30:15
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected ...
CVE-2024-27096
- EPSS 58.82%
- Veröffentlicht 18.03.2024 17:15:06
- Zuletzt bearbeitet 02.01.2025 15:54:08
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the...
CVE-2024-27098
- EPSS 35.72%
- Veröffentlicht 18.03.2024 17:15:06
- Zuletzt bearbeitet 02.01.2025 15:53:19
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has be...
CVE-2024-27104
- EPSS 0.67%
- Veröffentlicht 18.03.2024 17:15:06
- Zuletzt bearbeitet 02.01.2025 15:47:16
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user ...